1633538 - Stop stripping referrers of 3rd-party iframes when dFPI is enabled

Status: RESOLVED FIXED

(Core :: Privacy: Anti-Tracking, defect, P1)

Description

[Gary Chen [:xeonchen]]

When dFPI is enabled by default, the tests [0, 1] are broken because in [3] we classify 3rd-party non-trackers as trackers, thus the referrer will be stripped.

[0] https://searchfox.org/mozilla-central/rev/158bac3df3a1890da55bdb6ffdaf9a7ffc0bfb0a/dom/security/test/referrer-policy/test_referrer_header_current_document.html#18
[1] https://searchfox.org/mozilla-central/rev/158bac3df3a1890da55bdb6ffdaf9a7ffc0bfb0a/dom/base/test/test_bug704320_preload.html#193-194
[2] https://searchfox.org/mozilla-central/rev/158bac3df3a1890da55bdb6ffdaf9a7ffc0bfb0a/dom/security/ReferrerInfo.cpp#209-210

Comment 1

[Gary Chen [:xeonchen]]

Attachment: Bug 1633538 - allow referrer for `STATE_COOKIES_PARTITIONED_FOREIGN`;

Comment 2

[Gary Chen [:xeonchen]]

I don't have an idea how we should handle referrer for dFPI case.
Probably we'd prefer stripping the referrer, but I'd like to hear if baku any steven has any feedback?

Comment 3

[Andrea Marchesini [:baku]]

Let's talk about this topic during our weekly meeting.
My point of view is that, yes, we should strip the referrer, but I think we should be in sync with what the privacyGC says.

Comment 4

[Steven Englehardt [:englehardt]]

(In reply to Andrea Marchesini [:baku] from comment #3)

Let's talk about this topic during our weekly meeting.
My point of view is that, yes, we should strip the referrer, but I think we should be in sync with what the privacyGC says.

We didn't get a chance to discuss. My general feeling here is that it's clearly a privacy win to strip referrer, and we should do so if we're able to. But it's a separate feature from partitioning, and bundling the two runs the risk of us delaying partitioned storage because of breakage / retention issues that result from referrer stripping. IMO it's better to roll this out as a separate protection measure, so I'm fine with us disabling this now and adding it to the backlog of anti-tracking features while we focus on partitioning.

Comment 5

[Steven Englehardt [:englehardt]]

Bug 1589074 is in our backlog and seems like a better path to handling cross-origin referrers than trying to strip them with dfpi.

Comment 6

[Gary Chen [:xeonchen]]

(In reply to Steven Englehardt [:englehardt] from comment #5)

Bug 1589074 is in our backlog and seems like a better path to handling cross-origin referrers than trying to strip them with dfpi.

I've filed bug 1633993 as follow-up, but seems bug 1589074 will also fix this issue because the behavior will be the same regardless dfpi is enabled or not. So if bug 1589074 is fixed then we can close bug 1633993 as duplicated.

Comment 7

[Pulsebot]

Pushed by xeonchen@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/7e74e5d3c0db
allow referrer for `STATE_COOKIES_PARTITIONED_FOREIGN`; r=baku

Comment 8

[Alexandru Michis [:malexandru]]

https://hg.mozilla.org/mozilla-central/rev/7e74e5d3c0db